WB 2.08.x

1. problems with confirmation mail solved

1. account/forgot_form : fixed fix...

1. account/preferences_form : language selection fixed
2. account/forgot_form : password generation fixed

! see Build 1986
also implemented in frontend account

/account/signup added posibility for different mailto address
/install/save.php modified internal comment

syncronize project and some small typo corrections in /account/

1. bugfix missing trailing backtick in output_filter/input.php
2. bugfix wrong backticks in 'admin/media/upload.php
3. bugfix add missing language variable in account
   ! update form module, add class frm-fieldset to fieldset, restyle error box
   ! update captcha iframe attribute settings

1. bugfix preferences timezone, date_format, time_format settings, backend and frontend

! change mysql_esc_string to WbDatabase::getInstance()->escapeStrinng()

1. typofix page_extended in admin/settings and admin/pages/
   ! Fill empty option modules dropdown in admin/pages/sections.php

1. bugfix redclare function in preferences_form
   ! add infobox, if you have to change the language before working in preferences

1. fixed Use of undefined constant PAGE_ID in /account/forgot.php
   ! change return value to boolean in user management delete.php, add.php
   ! change WEBSITE_SIGNATURE to WBMAIL_SIGNATURE

1. fixed output activation conformation
2. fixed deleting Users awaiting activation
   ! add YYYY-MM-DD in date_formats dropdown

1. security fix CRLF injection/HTTP response splitting

! account signup check that display_name is unique in whole system
(prevents from User-faking)
! add POST Request to admintools

1. add missing lang var in account/languages/EN.PHP

! supress frontend preferences, if user have no permission for it

! all changes in folder account, Signup with confirmation Mail
! frontend.css now included by account script

1. fixed parsing error in signup

+ add methode StripCodeFromText in class.wb to clean injection
! rebranding the admin/settings and security fixes
! a few new styling in backend wb_theme
! beginning aa lot of account changes like correction of $_SESSION indexe, security fixes
+ add head.load.min.js and head.min.js to /include/jquery/ to style HTML5 templates

wb theme styling

! account split html and code
+ add signup activation registering
+ add missing icons in themes

! Now you can style account login with your frontend Template CSS
this change is in work for the whole account

! change redirect logic for registered pages

! beginning update frontend account
! remove html markup from code

! fixed signup, remove $admin->print_error methods
+ add send registation mail to systemadministartor

Fixed SERVER_EMAIL in languages, needs double brackets
Installer redesign Step 2

fallback signuo2.php revision 1633

! update language files and rework some core files (read DEVINFOS)
! compress mdcr.js
+ add DEVINFOS Instructions/Informations for modulecoder

login.php fallback to revision 1602

fixed parse error in login.php

fix local module reload and module manuell install
forgot to upload login.php

little designfix in forgot_form.php
fix media if uploading zip files with folder, than create FolderProtectFiles

update all used files with redirect_url to $_SESSION['HTTP_REFERER']

highly critical security-fix
announced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt

fix form language vars for better understanding (Tks to Maverik)
change request if HTTP_REFERER is not empty in logout.php

remove session_start() in /account/logout.php

possible errors on 'save password' fixed. Minimum length of password set to 6 chars

fix class.login, when name and pass are both empty, no longer call increase_attemps
some redirect updates in frontend account files

1. bugfix in forgot_form.php

1. typofixes in DE languages files (Tks to Ruebenwurzel)

+ add languages vars in languages files
+ add upload error mesages moduleinstall
+ add index.php if not exists in function createFolderProtectFile
! corrected changed coding between login_form and forgot_form

! recoded /account/forgot_form.php
! update quickSkin
! update languages files
+ add /temp/quickSkin/ folder
! begin fixing sec_anchor in urls

add new backend theme handling (Tks to Stefek)

fix redirect login

account/signup.php, check if user is already logged
fix non object message in framework/functions.php

continue fixing frontend account

fixed print_error exit in frontend account

found more backlinks to fix
remove not working ftan in frontend
fixed redirect in login procedure (Tks to mr-fan)
update droplet LoginBox, additional parameter $redirect
remove double config call in media (Tks to Testör)

fixed validation of loginname (admin/users and signup)

fix entities converting in select languages (Tks to the community)
see http://www.websitebaker2.org/forum/index.php/topic,20547.msg140512.html#msg140512

redefined wrong admin backlinks

YGN Ethical Hacker Group (2.8.2 / 2.9.0)

1. various Security fixes, thanks to secunia and others

1. Security fix in account
2. Security fix in admin/media, thanks to hal 9000

update headerinfos

fixed headerinfos

update headerinfos

add ini_set('display_errors', 1) (Tks to Thorn)
update headerinfos

Ticket #985 With #1318 no login in backend possible
Ticket #986 Typo inside the german language file
Ticket #982 Unnessesary heredoc causes on errors while installation!
Ticket #926/Ticket #928 Mail Notification on new user registration

Ticket #971 Using $_POST in Admin - account - login.php (tks to Aldus)
update class.wb.php added tokens function

continue update headertext
Ticket #930 disabled SyntaxHighlighter from default WB Installation
change help url to www.websitebaker2.org

update headertext

update header info

Beginning header information update

fix login_form.php sometimes produce javascript errors in IE

Clean check in of minor bugfixes: Add some localizations, correct html/php syntax

Ticket #832: Fix wrong configuration of timezone-handling when saving preferences-form on backend and frontend

validate some output files

fix some PHP 5.3 deprecated functions

Created 2.8.x branch

Fixed E_ALL&E_STRICT warning on PHP5 servers (Thanks to Aldus)

replaced all remaining mktime() with time(), except from third party scripts

Fixed not defined language variable in account/email.php (Thanks to Forum-User BlackTiger)

removed unneeded icons from wb_theme

removed unneeded stylesheet.css from account dir

renamed warning.htt to warning.html to fix display of sourcecode after invalid login attemps

added fixed error.htt also to classic theme

added skinable Admin Interface

Mail text for register, signup and forgot mail now taken from WB language file (ticket #684)

Copyright notices now includes 2009

applied additional mail check to forgot login form

some small fixes: group_id/groups_id-handling, safe_mode-query in install, better work-around for issue with phplib and code-module (removed {})

fixed bug with registration of users are not added to signup group

removed include/captcha/asp.php. css have to be added to module's css-files.

reintroduced include/captcha/asp.php

removed include/captcha/asp.php

fixed bug in user signup

Fixed possible XSS in account/login.php and forgot-form.php

fixed fixed typo :-(

fixed typo

Added some missing add_slashes(), get_post_escaped(), and strip_tags() for $_POST, $_GET and $_REQUEST-data. Also for $_SERVER['PHP_SELF'].

added new CAPTCHA and ASP (Advanced Spam Protection)

removed the PAGE_EXTENSION added with changeset 549

fixed bug in frontend login and multiple groups (in conjunction with error_reporting = E_ALL)

added the "users in multiple groups" feature (closes parts of ticket #546)

Replaced the variable PAGE_EXTENSION with hardcoded .php on all places where the pathes points to WB Corefiles with the page extension .php

Replaced hardcoded text in login.php with language variables (fixes #386)

Changed all copyright notices to include now 2008

Security enhancement (reduced number of login trials from 50 to 3).

Added 2007 to all copyright notices
Added missing ID Keywords
Removed not Unix conform line endings

Fixed spelling errors in the signup2.php (#330)

Fixed more security issue's related to ticket #237